etc/sshd_config.d: add basic-security.conf

Ref: 88
2024-11-22 03:09:22 +01:00 · 2021-01-30 20:47:21 +02:00 · 2021-01-30 20:47:21 +02:00 · a7c643bb7a
commit a7c643bb7a
parent 35a118a5e8
2 changed files with 16 additions and 0 deletions
--- a/etc/ssh/sshd_config.d/README.md
+++ b/etc/ssh/sshd_config.d/README.md
@ -0,0 +1,3 @@
+sshd_config should include something like
+
+Include /etc/ssh/sshd_config.d/*.conf
--- a/etc/ssh/sshd_config.d/basic-security.conf
+++ b/etc/ssh/sshd_config.d/basic-security.conf
@ -0,0 +1,13 @@
+# RSA and Ed25519 are fine, but DSA is broken and ecdsa is suspicious
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Includes public keys in logins
+LogLevel VERBOSE
+
+# root login should probably be denied entirely, but key is better than
+# password
+PermitRootLogin prohibit-password
+
+# Passwords are bad
+PasswordAuthentication no